- Add .dockerignore for backend and frontend (DC-1: eliminates node_modules/ and .env from build context)
- Delete start.sh with --reload flag (DC-2: superseded by Dockerfile CMD)
- Create entrypoint.sh with exec uvicorn (DW-5: proper PID 1 signal handling)
- Pin base images to patch-level tags (DW-1: reproducible builds)
- Reorder Dockerfile: create appuser before COPY, use --chown (DW-2)
- Switch to npm ci for lockfile-enforced installs (DW-3)
- Add network segmentation: backend_net + frontend_net (DW-4: db unreachable from frontend container)
- Add deploy.resources limits to all services (DW-6: OOM protection)
- Refactor proxy-params.conf to include security headers, deduplicate from nginx.conf location blocks (DW-7)
- Add image/svg+xml to gzip_types (DS-1)
- Add wget healthcheck for frontend service (DS-2)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
44 lines
430 B
Plaintext
# Version control
.git
.gitignore

# Python artifacts
__pycache__
*.pyc
*.pyo
*.egg-info
dist
build
.eggs

# Virtual environments
.venv
venv
env

# IDE
.vscode
.idea

# Environment files — never bake secrets into the image
.env
.env.*

# Tests
tests
pytest.ini
.pytest_cache
.coverage
htmlcov

# Documentation
*.md
LICENSE

# Dev scripts
start.sh

# Docker files (no need to copy into the image)
Dockerfile
docker-compose*.yaml
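Review bot: the `.env.*` glob under "Environment files" also matches any checked-in template such as `.env.example` or `.env.template`, not only real secret files; if a template of that kind is meant to be copied into the image (for documentation or as a default), add a negation line directly after it, e.g. `!.env.example`, since .dockerignore evaluates patterns in order and a later `!` rule re-includes an earlier exclusion. Keeping `.env` and `.env.*` excluded by default is the right call for the DC-1 goal of keeping secrets out of the build context; the negation should only be added for a named, secret-free file.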